npm - @jgardner04/ghost-mcp-server - Versions diffs - 1.8.0 → 1.9.0 - Mend

@jgardner04/ghost-mcp-server 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/src/mcp_server_improved.js +117 -0
package/src/services/__tests__/ghostServiceImproved.members.test.js +261 -0
package/src/services/__tests__/memberService.test.js +245 -0
package/src/services/ghostServiceImproved.js +107 -0
package/src/services/memberService.js +202 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jgardner04/ghost-mcp-server",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "A Model Context Protocol (MCP) server for interacting with Ghost CMS via the Admin API",
   "author": "Jonathan Gardner",
   "type": "module",

package/src/mcp_server_improved.js CHANGED Viewed

@@ -903,6 +903,122 @@ server.tool(
   }
 );
+// =============================================================================
+// MEMBER TOOLS
+// Member management for Ghost CMS subscribers
+// =============================================================================
+// Create Member Tool
+server.tool(
+  'ghost_create_member',
+  'Creates a new member (subscriber) in Ghost CMS.',
+  {
+    email: z.string().email().describe('The email address of the member (required).'),
+    name: z.string().optional().describe('The name of the member.'),
+    note: z.string().optional().describe('A note about the member.'),
+    labels: z.array(z.string()).optional().describe('List of label names to assign to the member.'),
+    newsletters: z
+      .array(z.object({ id: z.string() }))
+      .optional()
+      .describe('List of newsletter objects with id field to subscribe the member to.'),
+    subscribed: z
+      .boolean()
+      .optional()
+      .describe('Whether the member is subscribed to emails. Defaults to true.'),
+  },
+  async (input) => {
+    console.error(`Executing tool: ghost_create_member with email: ${input.email}`);
+    try {
+      await loadServices();
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      const createdMember = await ghostServiceImproved.createMember(input);
+      console.error(`Member created successfully. Member ID: ${createdMember.id}`);
+      return {
+        content: [{ type: 'text', text: JSON.stringify(createdMember, null, 2) }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_create_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error creating member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
+// Update Member Tool
+server.tool(
+  'ghost_update_member',
+  'Updates an existing member in Ghost CMS. All fields except id are optional.',
+  {
+    id: z.string().describe('The ID of the member to update.'),
+    email: z.string().email().optional().describe('New email address for the member.'),
+    name: z.string().optional().describe('New name for the member.'),
+    note: z.string().optional().describe('New note about the member.'),
+    labels: z
+      .array(z.string())
+      .optional()
+      .describe('New list of label names to assign to the member.'),
+    newsletters: z
+      .array(z.object({ id: z.string() }))
+      .optional()
+      .describe('New list of newsletter objects with id field to subscribe the member to.'),
+  },
+  async (input) => {
+    console.error(`Executing tool: ghost_update_member for member ID: ${input.id}`);
+    try {
+      await loadServices();
+      const { id, ...updateData } = input;
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      const updatedMember = await ghostServiceImproved.updateMember(id, updateData);
+      console.error(`Member updated successfully. Member ID: ${updatedMember.id}`);
+      return {
+        content: [{ type: 'text', text: JSON.stringify(updatedMember, null, 2) }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_update_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error updating member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
+// Delete Member Tool
+server.tool(
+  'ghost_delete_member',
+  'Deletes a member from Ghost CMS by ID. This operation is permanent and cannot be undone.',
+  {
+    id: z.string().describe('The ID of the member to delete.'),
+  },
+  async ({ id }) => {
+    console.error(`Executing tool: ghost_delete_member for member ID: ${id}`);
+    try {
+      await loadServices();
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      await ghostServiceImproved.deleteMember(id);
+      console.error(`Member deleted successfully. Member ID: ${id}`);
+      return {
+        content: [{ type: 'text', text: `Member ${id} has been successfully deleted.` }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_delete_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error deleting member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
 // =============================================================================
 // NEWSLETTER TOOLS
 // =============================================================================
@@ -1108,6 +1224,7 @@ async function main() {
     'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ' +
       'ghost_create_post, ghost_get_posts, ghost_get_post, ghost_search_posts, ghost_update_post, ghost_delete_post, ' +
       'ghost_get_pages, ghost_get_page, ghost_create_page, ghost_update_page, ghost_delete_page, ghost_search_pages, ' +
+      'ghost_create_member, ghost_update_member, ghost_delete_member, ' +
       'ghost_get_newsletters, ghost_get_newsletter, ghost_create_newsletter, ghost_update_newsletter, ghost_delete_newsletter'
   );
 }

package/src/services/__tests__/ghostServiceImproved.members.test.js ADDED Viewed

@@ -0,0 +1,261 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { createMockContextLogger } from '../../__tests__/helpers/mockLogger.js';
+import { mockDotenv } from '../../__tests__/helpers/testUtils.js';
+// Mock the Ghost Admin API with members support
+vi.mock('@tryghost/admin-api', () => ({
+  default: vi.fn(function () {
+    return {
+      posts: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      pages: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      tags: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      members: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      site: {
+        read: vi.fn(),
+      },
+      images: {
+        upload: vi.fn(),
+      },
+    };
+  }),
+}));
+// Mock dotenv
+vi.mock('dotenv', () => mockDotenv());
+// Mock logger
+vi.mock('../../utils/logger.js', () => ({
+  createContextLogger: createMockContextLogger(),
+}));
+// Mock fs for validateImagePath
+vi.mock('fs/promises', () => ({
+  default: {
+    access: vi.fn(),
+  },
+}));
+// Import after setting up mocks
+import { createMember, updateMember, deleteMember, api } from '../ghostServiceImproved.js';
+describe('ghostServiceImproved - Members', () => {
+  beforeEach(() => {
+    // Reset all mocks before each test
+    vi.clearAllMocks();
+  });
+  describe('createMember', () => {
+    it('should create a member with required email', async () => {
+      const memberData = {
+        email: 'test@example.com',
+      };
+      const mockCreatedMember = {
+        id: 'member-1',
+        email: 'test@example.com',
+        status: 'free',
+      };
+      api.members.add.mockResolvedValue(mockCreatedMember);
+      const result = await createMember(memberData);
+      expect(api.members.add).toHaveBeenCalledWith(
+        expect.objectContaining({
+          email: 'test@example.com',
+        }),
+        expect.any(Object)
+      );
+      expect(result).toEqual(mockCreatedMember);
+    });
+    it('should create a member with optional fields', async () => {
+      const memberData = {
+        email: 'test@example.com',
+        name: 'John Doe',
+        note: 'Test member',
+        labels: ['premium', 'newsletter'],
+        newsletters: [{ id: 'newsletter-1' }],
+        subscribed: true,
+      };
+      const mockCreatedMember = {
+        id: 'member-1',
+        ...memberData,
+        status: 'free',
+      };
+      api.members.add.mockResolvedValue(mockCreatedMember);
+      const result = await createMember(memberData);
+      expect(api.members.add).toHaveBeenCalledWith(
+        expect.objectContaining(memberData),
+        expect.any(Object)
+      );
+      expect(result).toEqual(mockCreatedMember);
+    });
+    it('should throw validation error for missing email', async () => {
+      await expect(createMember({})).rejects.toThrow('Member validation failed');
+    });
+    it('should throw validation error for invalid email', async () => {
+      await expect(createMember({ email: 'invalid-email' })).rejects.toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should throw validation error for invalid labels type', async () => {
+      await expect(
+        createMember({
+          email: 'test@example.com',
+          labels: 'premium',
+        })
+      ).rejects.toThrow('Member validation failed');
+    });
+    it('should handle Ghost API errors', async () => {
+      const memberData = {
+        email: 'test@example.com',
+      };
+      api.members.add.mockRejectedValue(new Error('Ghost API Error'));
+      await expect(createMember(memberData)).rejects.toThrow();
+    });
+  });
+  describe('updateMember', () => {
+    it('should update a member with valid ID and data', async () => {
+      const memberId = 'member-1';
+      const updateData = {
+        name: 'Jane Doe',
+        note: 'Updated note',
+      };
+      const mockExistingMember = {
+        id: memberId,
+        email: 'test@example.com',
+        name: 'John Doe',
+        updated_at: '2023-01-01T00:00:00.000Z',
+      };
+      const mockUpdatedMember = {
+        ...mockExistingMember,
+        ...updateData,
+      };
+      api.members.read.mockResolvedValue(mockExistingMember);
+      api.members.edit.mockResolvedValue(mockUpdatedMember);
+      const result = await updateMember(memberId, updateData);
+      expect(api.members.read).toHaveBeenCalledWith(expect.any(Object), { id: memberId });
+      expect(api.members.edit).toHaveBeenCalledWith(
+        expect.objectContaining({
+          ...mockExistingMember,
+          ...updateData,
+        }),
+        expect.objectContaining({ id: memberId })
+      );
+      expect(result).toEqual(mockUpdatedMember);
+    });
+    it('should update member email if provided', async () => {
+      const memberId = 'member-1';
+      const updateData = {
+        email: 'newemail@example.com',
+      };
+      const mockExistingMember = {
+        id: memberId,
+        email: 'test@example.com',
+        updated_at: '2023-01-01T00:00:00.000Z',
+      };
+      const mockUpdatedMember = {
+        ...mockExistingMember,
+        email: 'newemail@example.com',
+      };
+      api.members.read.mockResolvedValue(mockExistingMember);
+      api.members.edit.mockResolvedValue(mockUpdatedMember);
+      const result = await updateMember(memberId, updateData);
+      expect(result.email).toBe('newemail@example.com');
+    });
+    it('should throw validation error for missing member ID', async () => {
+      await expect(updateMember(null, { name: 'Test' })).rejects.toThrow(
+        'Member ID is required for update'
+      );
+    });
+    it('should throw validation error for invalid email in update', async () => {
+      await expect(updateMember('member-1', { email: 'invalid-email' })).rejects.toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should throw not found error if member does not exist', async () => {
+      api.members.read.mockRejectedValue({
+        response: { status: 404 },
+        message: 'Member not found',
+      });
+      await expect(updateMember('non-existent', { name: 'Test' })).rejects.toThrow();
+    });
+  });
+  describe('deleteMember', () => {
+    it('should delete a member with valid ID', async () => {
+      const memberId = 'member-1';
+      api.members.delete.mockResolvedValue({ deleted: true });
+      const result = await deleteMember(memberId);
+      expect(api.members.delete).toHaveBeenCalledWith(memberId, expect.any(Object));
+      expect(result).toEqual({ deleted: true });
+    });
+    it('should throw validation error for missing member ID', async () => {
+      await expect(deleteMember(null)).rejects.toThrow('Member ID is required for deletion');
+    });
+    it('should throw not found error if member does not exist', async () => {
+      api.members.delete.mockRejectedValue({
+        response: { status: 404 },
+        message: 'Member not found',
+      });
+      await expect(deleteMember('non-existent')).rejects.toThrow();
+    });
+  });
+});

package/src/services/__tests__/memberService.test.js ADDED Viewed

@@ -0,0 +1,245 @@
+import { describe, it, expect } from 'vitest';
+import { validateMemberData, validateMemberUpdateData } from '../memberService.js';
+describe('memberService - Validation', () => {
+  describe('validateMemberData', () => {
+    it('should validate required email field', () => {
+      expect(() => validateMemberData({})).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '   ' })).toThrow('Member validation failed');
+    });
+    it('should validate email format', () => {
+      expect(() => validateMemberData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '@test.com' })).toThrow('Member validation failed');
+    });
+    it('should accept valid email', () => {
+      expect(() => validateMemberData({ email: 'test@example.com' })).not.toThrow();
+    });
+    it('should accept optional name field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', name: 'John Doe' })
+      ).not.toThrow();
+    });
+    it('should accept optional note field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', note: 'Test note' })
+      ).not.toThrow();
+    });
+    it('should accept optional labels array', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', labels: ['premium', 'newsletter'] })
+      ).not.toThrow();
+    });
+    it('should validate labels is an array', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept optional newsletters array', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ id: 'newsletter-1' }],
+        })
+      ).not.toThrow();
+    });
+    it('should validate newsletter objects have id field', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ name: 'Newsletter' }],
+        })
+      ).toThrow('Member validation failed');
+    });
+    it('should accept optional subscribed boolean', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: true })
+      ).not.toThrow();
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: false })
+      ).not.toThrow();
+    });
+    it('should validate subscribed is a boolean', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', subscribed: 'yes' })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should validate name length', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept name at max length', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', name: maxName })).not.toThrow();
+    });
+    it('should validate note length', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberData({ email: 'test@example.com', note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept note at max length', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', note: maxNote })).not.toThrow();
+    });
+    it('should sanitize HTML in note field', () => {
+      const memberData = {
+        email: 'test@example.com',
+        note: '<script>alert("xss")</script>Test note',
+      };
+      validateMemberData(memberData);
+      expect(memberData.note).toBe('Test note'); // HTML should be stripped
+    });
+    it('should validate label length', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should reject empty string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [''] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@example.com', labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should reject non-string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [123] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should reject empty newsletter IDs', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '' }] })
+      ).toThrow('Member validation failed');
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '  ' }] })
+      ).toThrow('Member validation failed');
+    });
+  });
+  describe('validateMemberUpdateData', () => {
+    it('should validate email format if provided', () => {
+      expect(() => validateMemberUpdateData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ email: 'test@example.com' })).not.toThrow();
+    });
+    it('should accept update with only name', () => {
+      expect(() => validateMemberUpdateData({ name: 'John Doe' })).not.toThrow();
+    });
+    it('should accept update with only note', () => {
+      expect(() => validateMemberUpdateData({ note: 'Updated note' })).not.toThrow();
+    });
+    it('should accept update with only labels', () => {
+      expect(() => validateMemberUpdateData({ labels: ['premium'] })).not.toThrow();
+    });
+    it('should validate labels is an array if provided', () => {
+      expect(() => validateMemberUpdateData({ labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept update with only newsletters', () => {
+      expect(() =>
+        validateMemberUpdateData({ newsletters: [{ id: 'newsletter-1' }] })
+      ).not.toThrow();
+    });
+    it('should validate newsletter objects have id field if provided', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ name: 'Newsletter' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should allow empty update object', () => {
+      expect(() => validateMemberUpdateData({})).not.toThrow();
+    });
+    it('should validate name length in updates', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberUpdateData({ name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept name at max length in updates', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberUpdateData({ name: maxName })).not.toThrow();
+    });
+    it('should validate note length in updates', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberUpdateData({ note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should accept note at max length in updates', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberUpdateData({ note: maxNote })).not.toThrow();
+    });
+    it('should sanitize HTML in note field for updates', () => {
+      const updateData = { note: '<script>alert("xss")</script>Updated note' };
+      validateMemberUpdateData(updateData);
+      expect(updateData.note).toBe('Updated note'); // HTML should be stripped
+    });
+    it('should validate label length in updates', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberUpdateData({ labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should reject empty string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [''] })).toThrow('Member validation failed');
+      expect(() => validateMemberUpdateData({ labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+    it('should reject non-string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [123] })).toThrow('Member validation failed');
+    });
+    it('should reject empty newsletter IDs in updates', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '' }] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '  ' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+  });
+});

package/src/services/ghostServiceImproved.js CHANGED Viewed

@@ -772,6 +772,110 @@ export async function deleteTag(tagId) {
   }
 }
+/**
+ * Member CRUD Operations
+ * Members represent subscribers/users in Ghost CMS
+ */
+/**
+ * Creates a new member (subscriber) in Ghost CMS
+ * @param {Object} memberData - The member data
+ * @param {string} memberData.email - Member email (required)
+ * @param {string} [memberData.name] - Member name
+ * @param {string} [memberData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [memberData.labels] - Array of label names
+ * @param {Object[]} [memberData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [memberData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The created member object
+ * @throws {ValidationError} If validation fails
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function createMember(memberData, options = {}) {
+  // Import and validate input
+  const { validateMemberData } = await import('./memberService.js');
+  validateMemberData(memberData);
+  try {
+    return await handleApiRequest('members', 'add', memberData, options);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Member creation failed due to validation errors', [
+        { field: 'member', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+/**
+ * Updates an existing member in Ghost CMS
+ * @param {string} memberId - The member ID to update
+ * @param {Object} updateData - The member update data
+ * @param {string} [updateData.email] - Member email
+ * @param {string} [updateData.name] - Member name
+ * @param {string} [updateData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [updateData.labels] - Array of label names
+ * @param {Object[]} [updateData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [updateData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The updated member object
+ * @throws {ValidationError} If validation fails
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function updateMember(memberId, updateData, options = {}) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for update');
+  }
+  // Import and validate update data
+  const { validateMemberUpdateData } = await import('./memberService.js');
+  validateMemberUpdateData(updateData);
+  try {
+    // Get existing member to retrieve updated_at for conflict resolution
+    const existingMember = await handleApiRequest('members', 'read', { id: memberId });
+    // Merge existing data with updates, preserving updated_at
+    const mergedData = {
+      ...existingMember,
+      ...updateData,
+      updated_at: existingMember.updated_at,
+    };
+    return await handleApiRequest('members', 'edit', mergedData, { id: memberId, ...options });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
+/**
+ * Deletes a member from Ghost CMS
+ * @param {string} memberId - The member ID to delete
+ * @returns {Promise<Object>} Deletion confirmation object
+ * @throws {ValidationError} If member ID is not provided
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function deleteMember(memberId) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for deletion');
+  }
+  try {
+    return await handleApiRequest('members', 'delete', { id: memberId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
 /**
  * Newsletter CRUD Operations
  */
@@ -920,6 +1024,9 @@ export default {
   getTag,
   updateTag,
   deleteTag,
+  createMember,
+  updateMember,
+  deleteMember,
   getNewsletters,
   getNewsletter,
   createNewsletter,

package/src/services/memberService.js ADDED Viewed

@@ -0,0 +1,202 @@
+import sanitizeHtml from 'sanitize-html';
+import { ValidationError } from '../errors/index.js';
+/**
+ * Email validation regex
+ * Simple but effective email validation
+ */
+const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+/**
+ * Maximum length constants (following Ghost's database constraints)
+ */
+const MAX_NAME_LENGTH = 191; // Ghost's typical varchar limit
+const MAX_NOTE_LENGTH = 2000; // Reasonable limit for notes
+const MAX_LABEL_LENGTH = 191; // Label name limit
+/**
+ * Validates member data for creation
+ * @param {Object} memberData - The member data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberData(memberData) {
+  const errors = [];
+  // Email is required and must be valid
+  if (!memberData.email || memberData.email.trim().length === 0) {
+    errors.push({ field: 'email', message: 'Email is required' });
+  } else if (!EMAIL_REGEX.test(memberData.email)) {
+    errors.push({ field: 'email', message: 'Invalid email format' });
+  }
+  // Name is optional but must be a string with valid length if provided
+  if (memberData.name !== undefined) {
+    if (typeof memberData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (memberData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (memberData.note !== undefined) {
+    if (typeof memberData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (memberData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      memberData.note = sanitizeHtml(memberData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+  // Labels is optional but must be an array of valid strings if provided
+  if (memberData.labels !== undefined) {
+    if (!Array.isArray(memberData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = memberData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (memberData.newsletters !== undefined) {
+    if (!Array.isArray(memberData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = memberData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+  // Subscribed is optional but must be a boolean if provided
+  if (memberData.subscribed !== undefined && typeof memberData.subscribed !== 'boolean') {
+    errors.push({ field: 'subscribed', message: 'Subscribed must be a boolean' });
+  }
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+/**
+ * Validates member data for update
+ * All fields are optional for updates, but if provided they must be valid
+ * @param {Object} updateData - The member update data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberUpdateData(updateData) {
+  const errors = [];
+  // Email is optional for update but must be valid if provided
+  if (updateData.email !== undefined) {
+    if (typeof updateData.email !== 'string' || updateData.email.trim().length === 0) {
+      errors.push({ field: 'email', message: 'Email must be a non-empty string' });
+    } else if (!EMAIL_REGEX.test(updateData.email)) {
+      errors.push({ field: 'email', message: 'Invalid email format' });
+    }
+  }
+  // Name is optional but must be a string with valid length if provided
+  if (updateData.name !== undefined) {
+    if (typeof updateData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (updateData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (updateData.note !== undefined) {
+    if (typeof updateData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (updateData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      updateData.note = sanitizeHtml(updateData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+  // Labels is optional but must be an array of valid strings if provided
+  if (updateData.labels !== undefined) {
+    if (!Array.isArray(updateData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = updateData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (updateData.newsletters !== undefined) {
+    if (!Array.isArray(updateData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = updateData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+export default {
+  validateMemberData,
+  validateMemberUpdateData,
+};